PT-2026-40627
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...
CVE-2026-40309
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...
EUVD-2026-28154
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
EUVD-2026-24700
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-6235
Vulnerability overview: The Sendmachine for WordPress plugin (WordPress) is affected by an authorization bypass in the manage_admin_requests path for all versions up to 1.0.20, enabling unauthenticated attackers to overwrite the SMTP configuration and potentially intercept all outbound emails (in...
CVE-2026-6235
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
WordPress plugin Sendmachine for WordPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-29259
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28 Description: A privilege escalation vulnerability exists in the /pair approve command path due to missing scope validation. A user with pairing privileges, but without admin privileges, can approve pending...
CVE-2025-64063
CVE-2025-64063 affects Primakon Pi Portal 1.0.18. The issue stems from insufficient authorization checks in API endpoints, allowing a standard user to send direct HTTP requests to administrative endpoints and bypass UI restrictions. Potential impact includes: Unauthorized account modification (mo...
CVE-2025-12173
CVE-2025-12173 concerns the WordPress plugin WP Admin Microblog (versions ≤ 3.1.1). Wordfence details indicate a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the wp-admin-microblog page, enabling unauthenticated attackers to post messages on behalf of an admin...
EUVD-2019-5816
Malware in sbrugna...
EUVD-2012-1931
Malware in sbrugna...
EUVD-2012-1987
Malware in sbrugna...
VulnCheck KEV: CVE-2022-31984
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=...
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=uiset=admin=index=dogettextcontent=lang=1 request...
CVE-2019-14656
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account with a password of user can make admin requests via HTTP...
CVE-2024-45100
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources...
CVE-2023-29118
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...